TITLE OF THE INVENTION 

METHOD AND SYSTEM FOR VERYFYING THE AUTHENTICITY OF A FIRST 
COMMUNICATION PARTICIPANTS IN A COMMUNICATIONS NETWORK 

CROSS REFERENCE TO RELATED APPLICATIONS 

[0001] This application is based on and hereby claims priority to Genman Application No. 
19927 271 .9 filed on June 15. 1999 in Germany, and PCT Application No. PCT/DEOO/01788 
filed on May 31, 2000, the contents of which are hereby incorporated by reference. 

BACKGROUND OF THE INVENTION 

[0002] The invention relates to a method and an arrangement for checking the authenticity of a 
first communication subscriber in a communications network. 

[0003] In a communications network, data is generally transmitted between communication 
subscribers, for example a service provider and a service user. In order to protect a 
communications network against penetration of an unauthorized communication subscriber into 
the communications network, the authenticity of each communication subscriber is generally 
checked. 

[0004] 3G TS 33.102 Version 3.0.0 Draft Standard, 3"^ Generation Partnership Project, 
Technical Specification Group Services and System Aspects, 3G Security, Security Architecture, 
05/1999 ("the 3G reference") discloses a method and an arrangement for checking the 
authenticity of a communication subscriber, in particular of a service provider or of a service 
user in a communications network. 

[0005] The method known from the 3G reference and the corresponding arrangement are 
based on what is referred to as 3G TS 33.102 Version 3.0.0 Draft Standard, which describes a 
security architecture of a mobile phone system. 

[0006] In Fig. 4, the procedure during the checking of the authenticity of a communication 
subcriber, such as is known from the 3G reference is illustrated symbolically and parts thereof 
will be explained below briefly. 

[0007] A transmission of data is illustrated in Fig. 4 by an arrow in each case. A direction of an 
arrow characterizes a transmission direction during a data transmission. 

[0008] Fig. 4 shows a mobile phone system 400, comprising a user 401 of a communication 
service, for example a mobile phone, and a provider 402 of a communication service. The 
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provider 402 comprises a dial-in network 403 with a dial-in network operator from which the user 

401 locally requests a communication service, and a home network 404 with a home network 
operator with which the user 401 is signed on and registered. 

[0009] In addition, the user 401 , the dial-in network 403 and the home network 404 each have a 
central processing unit with a memory, for example a server (central computing unit), with which 
processing unit the procedure described below is monitored and controlled and on which 
memory data is stored. 

[0010] The dial-in network 403 and the home network 404 are connected to one another via a 
data line over which digital data can be transmitted. The user 401 and the dial-in network 403 
are connected to one another via any desired transmission medium for the transmission of 
digital data. 

[0011] During a communication, the user 401 dials 410 into the dial-in network 403. At the start 
of the communication, checking of both the authenticity of the user 401 and the authenticity of 
the provider 402 is carried out. 

[0012] To do this, the dial-in network 403 requests 41 1 what is referred to as authentication data 
from the home network 404, with which data the authenticity of the user 401 and of the provider 

402 can be checked. 

[0013] The authentication data which is obtained from the home network 404 comprises a 
random number and a sequential number of the provider 402. The sequential number of the 
provider 402 is obtained in such a way that a counter of the provider 402 increases the 
sequential number of the provider 402 by the value 1 at each attempt at communication 
between the user 401 and the provider 402. 

[0014] It is to be noted that the random number and the sequential number of the provider 402 
only constitute part of the authentication data and are not to be understood as comprehensive. 
Further authentication data is known from the 3G reference. 

[0015] The home network 404 transmits 412 the requested authentication data to the dial-in 
network 403. The dial-in network 403 processes the received authentication data in a suitable 
way 413, and transmits the processed authentication data to the user 401. 
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[0016] The user 401 checks 415 the authenticity of the provider 402 using a dedicated 
sequential number, which is handled in a way corresponding to the sequential number of the 
provider 402, and using the sequential number of the provider 402. 

[0017] The procedure during the checking of the authenticity of the provider 402 is described in 
the 3G reference. 

[0018] A result of the checking of the authenticity of provider 402. "authenticity of provider 
satisfactory" 416, "authenticity of provider satisfactory but sequential fault has occurred" 417 or 
"authenticity of provider not satisfactory" 418, is transmitted 419 from the user 401 to the 
provider 402. 

[0019] In the case of the result "authenticity of provider satisfactory" 416, the dial-in network 
403 checks 420 the authenticity of the user 401 as described in the 3G reference. 

[0020] In the case of the result "authenticity of provider not satisfactory" 418, the 
communication is interrupted and/or restarted 421. 

[0021] In the case of the result "authenticity of provider satisfactory but a sequential fault has 
occurred" 417. resynchronization takes place in such a way that the home network 404 
transmits 422 a resynchronization request to the user 401. The user responds with a 
resynchronization response in which resynchronization data is transmitted 423 to the home 
network 404. The sequential number of the provider 402 is changed 424 as a function of the 
resynchronization response. The authenticity of the user 401 is then checked, as is known from 
the 3G reference. 

[0022] The procedure described has the disadvantage that during checking of the authenticity 
of a communication subscriber, in particular during the checking of the authenticity of a service 
provider, a large amount of data has to be transmitted between the communication subscribers. 

SUMMARY OF THE INVENTION 

[0023] One aspect of the invention is thus based on simplifying and improving the known 
method and the known arrangement, to yield a simplified and improved arrangement for 
checking the authenticity of a communication subscriber in a communications network. 

[0024] In the method for checking the authenticity of a first communication subscriber in a 
communications network, a first fault information item is formed in the first communication 
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subscriber using a fault detection data item of the first communication subscriber and an 
information item relating to a random data item. In a second communication subscriber in the 
communications network, a second fault information item is formed using a fault detection data 
item of the first communication subscriber and the infomnation relating to the random data item, 

[0025] The authenticity of the first communication subscriber is checked using the first fault 
information item and the second fault information item. 

[0026] In the arrangement for checking the authenticity of a first communication subscriber in a 
communications network, the first communication subscriber is set up in such a way that a first 
fault information item can be formed using a fault detection data item of the first communication 
subscriber and an information item relating to a random data item. In addition, the anrangement 
has a second communication subscriber in the communications network which is set up in such 
a way that a second fault infomnation item can be formed using a fault detection data item of the 
second communication subscriber and the information relating to the random data item. The 
authenticity of the first communication subscriber can be checked using the first fault infomnation 
item and the second fault information item. 

[0027] The checking of the authenticity of a communication subscriber in a communications 
network is to be understood as meaning method steps which are carried out in the wider sense 
with checking of the authorization of a communication subscriber for access to a 
communications network or participation in communication in a communications network. 

[0028] This thus encompasses both method steps which are carried out within the scope of the 
checking of the authorization of a communication subscriber for access to a communications 
network and such method steps which are carried out within the scope of the processing or the 
administration of data which is used in the checking. 

[0029] The developments described below relate to the method and to the arrangement. 

[0030] The development described below can be implemented either using software or 
hardware, for example using a specific electrical circuit. 

[0031] In one refinement, the first communication subscriber is a service provider and/or the 
second communication subscriber is a service user in the communications network. 

[0032] A sequential number is preferably used as the fault detection data item. 
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[0033] In one refinement, the infomnation relating to the random data item is a random number. 

[0034] In one development, the checking of the authenticity is simplified by determining a 
difference between the fault detection data item of the first communication subscriber and the 
fault detection data item of the second communication subscriber. 

[0035] In one refinement, the checking of the authenticity is further improved with respect to the 
security of the communications network by limiting the difference. 

[0036] One development is preferably used within the scope of a mobile phone system. In the 
mobile phone system, the service user is implemented as a mobile phone and/or the service 
provider is implemented as a mobile phone network operator. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0037] These and other objects and advantages of the present invention will become more 
apparent and more readily appreciated from the following description of the prefen-ed 
embodiments, taken in conjunction with the accompanying drawings of which: 

Fig. 1 shows a mobile phone system; 

Fig. 2 shows an outline in which checking of the authenticity of a communication 
subscriber is illustrated symbolically; 

Fig. 3 shows a flowchart in which individual method steps are illustrated during 
checking of the authenticity of a service provider in a communications network; and 

Fig. 4 shows an outline in which checking of the authenticity of a communication 
subscriber in accordance with the 3G TS 33.102 Version 3.0.0 Standard is illustrated 
symbolically. 

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT 

[0038] Reference will now be made in detail to the preferred embodiments of the present 
invention, examples of which are illustrated in the accompanying drawings, wherein like 
reference numerals refer to like elements throughout. 

Exemplary embodiment: mobile phone system 

[0039] A mobile phone system 100 is illustrated in Fig. 1. The mobile phone system 100 
comprises a mobile phone 101. a local diaWn network 102 with a diaWn network operator 103 
and a home network 104 with a home network operator 105. 
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[0040] The mobile phone 101 is signed on and registered in the home networl< 104. 

[0041] In addition, the mobile phone 101, the dial-in network 102 and the home network 104 
each have a central processing unit 106, 107, 108 with a memory 109, 110, 111, with which 
processing units 106, 107, 108 the procedure described below is monitored and controlled, and 
on which memories 109. 110. Ill data is stored. 

[0042] The dial-in network 102 and the home network 104 are connected to one another via a 
data line 1 12 via which digital data can be transmitted. The mobile phone 101 and the dial-in 
network 102 are connected to one another via any desired transmission medium 113 for 
transmitting digital data. 

[0043] The procedure during the checking of the authenticity of the mobile phone 101 and the 
procedure during the checking of the authenticity of the home network 104 and/or of the home 
network operator 105 are illustrated symbolically in Fig. 2, and parts thereof will be explained 
below briefly. 

[0044] The transmission of data in Fig. 2 is illustrated in each case by an arrow. A direction of 
an arrow characterizes a transmission direction during a data transmission. 

[0045] The procedure which is described below and illustrated symbolically in Fig. 2 is based 
on what is referred to as a 3G TS 33.102 Version 3.0.0 Standard, which describes a security 
architecture of a mobile phone system and is described in the 3G reference. 

[0046] During a communication, the mobile phone 201 dials 210 into the dial-in network 203. At 
the start of the communication, checking both of the authenticity of the mobile phone 201 and of 
the authenticity of the home network 204 and/or of the home network operator takes place. 

[0047] To do this, the dial-in network 203 requests 21 1 authentication data from the home 
network 204, with which authentication data the authenticity of the user 201 and of the home 
network 204 and/or of the home network operator can be checked. 

[0048] The authentication data which is determined by the home network 204 comprises a 
random number and a sequential number of the home network 204 (cf. Fig, 3 step 310). The 
sequential number of the home network 204 is detemnined in such a way that a counter of the 
home networi< 204 increases the sequential number of the home network 204 by the value 1 at 
each attempt at communication between the mobile phone 201 and the home network 204. 
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[0049] It is to be noted that the random number and the sequential number of the home network 
204 only constitute part of the authentication data and are not to be understood as 
comprehensive. Further authentication data is specified in the 3G reference. 

[0050] The home network 204 transmits 212 the requested authentication data to the dial-in 
network 203. The dial-in network 203 processes the received authentication data in a suitable 
way 213 and transmits the processed authentication data to the mobile phone 201. 

[0051] The mobile phone 201 checks 215 the authenticity of the home network 204 using a 
dedicated sequential number which is handled in a way con^esponding to the sequential number 
of the home network 204, and using the sequential number of the home network 204. In a way 
corresponding to the home network 204, the mobile phone 201 also has a counter. 

[0052] The procedure during the checking of the authenticity of the home network 204 is 
described in the 3G reference. Method steps which differ therefrom are described below. 

[0053] What is referred to as overflow checking of the counter of the mobile phone 201 is 
carried out within the scope of the checking of the authenticity of the home network 203. This 
overflow checking prevents overflowing of an acceptable numerical range of the counter of the 
mobile phone 201. 

[0054] In the overflow checking, the following conditions are tested: 

1 ) sequential number of the home network 204 > sequential number of the mobile 
phone 201; 

2) sequential number of the home network 204 - sequential number of the mobile 
phone 201 < - predefinable deviation (1,000,000); 

the following applying for the predefined deviation: 

predefinable deviation is sufficiently large in order to ensure, during normal or 
fault-free communications operation: 

that the sequential number of the home network 204 - sequential number of the mobile 
phone 201 is not > predefinable deviation; 

the maximum permissable sequential number of the mobile phone 
201/predefinable deviation is sufficiently large in order to ensure that the maximum permissible 
sequential number of the mobile phone 201 is not reached during operation. 
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[0055] The result of the checking of the authenticity of the home network 204, "authenticity 
satisfactory" 216. "authenticity satisfactory but a sequential fault has occurred" 217 or 
"authenticity not satisfactory" 218 is transmitted 219 to the home network 204 from the mobile 
phone 201. 

[0056] In the case of the result "authenticity satisfactory" 216, the dial-in network 203 checks 
220 the authenticity of the mobile phone 201, as described in 3G reference. 

[0057] In the case of the result "authenticity not satisfactory" 218, the communication is 
interrupted or restarted 221 . 

[0058] In the case of the result "authenticity satisfactory but a sequential fault has occun^ed" 
217, resynchronization 222 takes place. Resynchronization is to be understood as a change of 
the sequential number of the home network 204. 

[0059] For this purpose, the mobile phone 201 transmits 222 resynchronization data to the 
dial-in network 203. 

[0060] The resynchronization data comprises the same random number which was transmitted 
within the scope of the authentication data, and the sequential number of the mobile phone 201 
(cf. Fig. 3 step 320). 

[0061] The dial-in network 203 processes the resynchronization data in a suitable way and 
transmits the processed resynchronization data to the home network 204. 

[0062] The home network 204 checks the sequential number of the mobile phone 201 and the 
sequential number of the home network 204 using the processed resynchronization data, and if 
appropriate changes 223 the sequential number of the home network 204 (cf. Fig. 3 step 330). 

[0063] The home network 204 subsequently transmits new authentication data, which if 
appropriate comprises the changed sequential number of the home network 204, to the dial-in 
network 203. 

[0064] In order to illustrate the described procedure, important steps 300 of the procedure are 
illustrated in Fig. 3. 

[0065] Fig. 3 shows a first step 310 within the scope of which the authentication data (first fault 
information) is determined. 
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[0066] The resynchronization data (second fault information) is determined within the scope of 
a second step 320. 

[0067] The sequential number of the mobile phone and the sequential number of the home 
network are checked within the scope of a third step 330, using the resynchronization data. 

[0068] An alternative of the first exemplary embodiment is described below. 

[0069] In the alternative exemplary embodiment, a method is implemented in which the home 
network is made more reliable with respect to a data loss in the event of a system crash. 

[0070] For this purpose, the current sequential number of the home network is stored in the 
memory of the home network, in each case at a predefinable time interval. A sequential number 
of the home network which has been lost during a system crash of the home network is restored 
Jn such a way that a predefinable additional value is added to the value of the stored sequential 
number The predefinable additional value is dimensioned in such a way that exceeding of the 
sum of the sequential number of the mobile phone and the predefinable deviation is not 
exceeded. 

[0071] In the alternative exemplary embodiment, the predefinable additional value is 
determined in such a way that an average number of authentication attempts on one day by the 
home network, which number is determined during operation of the communications network, is 
multiplied by a factor with the value 10. 

[0072] The invention has been described in detail with particular reference to preferred 
embodiments thereof and examples, but it will be understood that variations and modifications 
can be effected within the spirit and scope of the invention. 
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